News release

Conveyancing theft reported as biggest cybercrime problem for law firms

7 December 2016

Figures we have published today have shown that email hacks of conveyancing transactions are the most common cybercrime in the legal sector, with £7m of client losses reported in the last year.

Three-quarters of cybercrimes reported to the SRA in the 12 months are some form of "Friday afternoon" fraud. This involves criminals modifying emails directly, usually by hacking into the email system of an individual.

They then alter the client's emails to the solicitor or vice versa, altering bank details so funds go to the criminal. The majority of cases involve conveyancing. Such scams often take place on a Friday, as this is the time that completions often take place, while it also buys criminals time to avoid detection.

Firms must inform the regulator if they lose client money or information, but the problem and size of losses may currently be under-reported. Other research has shown that a quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen.

We are reminding firms to ensure they report such cases. By sharing information on cyber attacks, the whole legal sector can work together to be as safe as possible.

The regulator is taking a constructive and engaged approach, particularly if firms take steps to make good any losses to the client, and are looking to learn from the incident. Our report, IT Security: keeping information and money safe, is targeted at helping law firms manage the risks of cybercrime by offering advice on the latest trends, so they can protect themselves and their clients. The report stresses that as most cybercrime involves some form of deception, firms should protect themselves by focusing not just on technology but also people and training.

Paul Philip, SRA Chief Executive, said: "Cybercrime is now the most prevalent crime in the UK. Cybercriminals are not just after money but sensitive information, so law firms are an obvious target. It is the job of firms to take steps to protect themselves and their clients’ money. That means training staff and staying vigilant, as well as maintaining up to date technology protections. We all know threats in this area change rapidly. By working together to share information on the latest cyber attacks, we can help the legal sector stay safe, protecting firms and clients.

"Conveyancing fraud can see people lose their life-savings. We also want to see firms making sure their clients are aware of the risks. For instance, we would recommend that people avoid sharing bank details over email, or transferring money before confirming the source of any request."

Professional indemnity insurance research undertaken by the Law Society shows that a quarter of firms have been targeted by cyber criminals, with nearly one in ten resulting in money being stolen. The research is available here: